ComboFix 12-07-20.02 - Jurek 2012-07-20 19:18:01.1.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2047.1526 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-20 do 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-18 20:41 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-18 19:36 . 2012-07-20 17:15 -------- d-----w- c:\programdata\AVAST Software
2012-07-18 19:36 . 2012-07-18 19:36 -------- d-----w- c:\program files\AVAST Software
2012-07-12 18:21 . 2012-07-12 18:21 -------- d-----w- c:\users\Jurek\AppData\Roaming\hellomoto
2012-07-12 17:25 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAC4C0BC-4309-4CFC-A2BB-8E31CE712DEE}\mpengine.dll
2012-07-12 17:19 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 17:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 17:19 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 17:19 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 17:19 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 17:19 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 17:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-11 17:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-11 17:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-11 17:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 17:17 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-11 17:17 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-11 17:17 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 17:16 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-11 17:16 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 20:13 . 2012-06-20 20:13 -------- d-----w- c:\programdata\vsolopaogkbeblt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 16:16 . 2008-04-27 16:34 17488 ----a-w- c:\windows\gdrv.sys
2012-07-11 15:50 . 2012-04-17 17:50 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-05-31 10:25 . 2009-10-03 09:03 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-01 14:03 . 2012-06-14 17:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 17:03 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 17:03 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 17:03 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-21 01:18 . 2012-04-25 14:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"ares"="c:\program files\Ares\Ares.exe" [2007-01-05 979968]
"WPDShextAutoplay"="c:\users\Jurek\AppData\Local\Microsoft\Windows\1516\WPDShextAutoplay.exe" [2012-07-12 48640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"AdslTaskBar"="stmctrl.dll" [2007-03-21 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:28]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:28]
.
2012-07-12 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Skan uzupełniający -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A7358742-DE0D-4737-BC07-7CA014D824FF}: NameServer = 194.204.159.1 194.204.152.34
FF - ProfilePath - c:\users\Jurek\AppData\Roaming\Mozilla\Firefox\Profiles\qpeog5vq.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-20 19:27
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(1972)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
.
Czas ukończenia: 2012-07-20 19:29:55
ComboFix-quarantined-files.txt 2012-07-20 17:29
.
Przed: 387 862 937 600 bajtów wolnych
Po: 387 801 071 616 bajtów wolnych
.
- - End Of File - - 740AF9884E903718BCD6CDC1DC66243D